Apple patches Safari arbitrary code execution vulnerabilities
Posted on 15 August 2014.
Apple released new versions of their Safari browser - 6.1.6 and 7.0.6 - in which they fixed multiple memory corruption problems in Webkit.


Out of the seven distinct CVE-IDs, five of the bugs were found in-house and the other two are credited to an anonymous researcher and the Google Chrome Security Team.

By setting up a web site with the malicious code, an attacker could cause arbitrary code execution or a denial of service (memory corruption and application crash) on the client's computer.

List of the related CVE-IDs:
  • CVE-2014-1384
  • CVE-2014-1385
  • CVE-2014-1386
  • CVE-2014-1387
  • CVE-2014-1388
  • CVE-2014-1389
  • CVE-2014-1390.



Author: Berislav Kucan, Director of Operations at Help Net Security.





Spotlight

(IN)SECURE Magazine issue 45 released

(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Learn about personal data bankruptcy and the cost of privacy, security and compliance, delivering digital security to a mobile world, and much more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Wed, Mar 4th
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //